DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

US School Shooter Emergency Plans Exposed in Raptor Technologies Data Leak

Posted on January 11, 2024 by Dissent

Matt Burgess reports:

Thousands of emergency planning documents from US schools—including their safety procedures for active shooter emergencies—were leaked in a trove of more than 4 million records that were inadvertently made public. Last month, security researcher Jeremiah Fowler discovered 800 gigabytes of files and logs linked to school software provider Raptor Technologies. The firm provides software that allows schools to track student attendance, monitor visitors, and manage emergency situations. Raptor says its software is used by more than 5,300 US school districts and 60,000 schools around the world.

The highly sensitive cache of documents included evacuation plans, with maps showing the routes students should take and where they should gather during emergencies; details of students who pose a threat on campus; medical records; court documents relating to restraining orders and family abuse; and the names and ID numbers of staff, students, and their parents or guardians. “This is the most diverse group of documents I’ve found,” says Fowler, who detailed the findings for security firm vpnMentor.

Read more at WIRED.

Note:  Independently and unaware of Fowler’s activities, DataBreaches had also been contacting Raptor Technologies about their leak after another researcher sent DataBreaches a tip on November 3.

Unfortunately, the tip had been sent to a rarely used account, so DataBreaches did not see it until December 3, but then DataBreaches immediately contacted a school district on December 3 through their secure urgent tip line and urged them to contact Raptor to get files locked down. DataBreaches provided the district with a link to an exposed PDF file of more than 100 pages containing  personal information and portrait pictures of all their students.

That school district never even replied.

DataBreaches also contacted Raptor Technologies via their site and then an email on December 4.  Getting no reply to either,  DataBreaches contacted Raptor Technologies again on December 5.

To my astonishment, rather than just forwarding my December 4 email internally, they sent me an email on December 5 asking me to email their security@ email address.  Seriously, Raptor Technologies? You don’t know how to escalate a website contact or email and have nothing on your site about contacting you urgently about a data security issue? 

DataBreaches dutifully re-sent the message yet again to another email address for Raptor. They never replied.

DataBreaches is glad vpnMentor reported on this leak and remains troubled that neither the school district this site contacted nor Raptor Technologies ever responded appropriately and timely to this site’s efforts to get them to lock down personal and sensitive information.

Update: Note that this statement by Raptor in WIRED’s reporting is also troubling:

David Rogers, chief marketing officer at Raptor Technologies, tells WIRED the company “immediately implemented remediation protocols” to secure the exposed data once it was contacted and started an investigation into the issue. “We have communicated with all Raptor customers,” Rogers says. “There is no indication at this time that any such data was accessed by third parties beyond the cybersecurity researcher and Raptor Technologies personnel,” he says, adding there is no reason to believe there has been any misuse of the information.

Data were accessed by third parties beyond Fowler and Raptor by at least one other researcher and DataBreaches, who attempted to verify the leak.  Doesn’t Raptor have access logs or are they just making a factually inaccurate statement?

 

Category: Commentaries and AnalysesEducation SectorSubcontractorU.S.

Post navigation

← Erie VA Medical Center says it regrets veteran info disclosure
Finland warns of Akira ransomware wiping NAS and tape backup devices →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Plastic surgeons often store nude photos of patients with their identity information. When would we call that “negligent?”
  • India: Servers of two city hospitals hacked; police register FIR
  • Ph: Coop Hospital confirms probe into reported cyberattack
  • Slapped wrists for Financial Conduct Authority staff who emailed work data home
  • School Districts Unaware BoardDocs Software Published Their Private Files
  • A guilty plea in the PowerSchool case still leaves unanswered questions
  • Brussels Parliament hit by cyber-attack
  • Sweden under cyberattack: Prime minister sounds the alarm
  • Former CIA Analyst Sentenced to Over Three Years in Prison for Unlawfully Transmitting Top Secret National Defense Information
  • FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe
  • AI tools collect and store data about you from all your devices – here’s how to be aware of what you’re revealing
  • 23andMe Privacy Ombudsman Urges User Consent Pre-Data Sale

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.